privacy policy

1. Name and contact details of the person responsible for processing and the company data protection officer

This privacy information applies to data processing by:

Responsible:

ROSTOW Bau GmbH
August-Bebel-Straße 1a
18055 Rostock, Germany

E-mail:

info(a)rostow.de

Phone:

+49 (0381) 25 20 25 and +49 (0395) 56 08 00

FAX:

+49 (0381) 2 52 02 99 and +49 (0395) 5 60 80-12

as well as the companies that cooperate directly with ROSTOW Bau GmbH:

ROSTOW Development and Sales GmbH
Friedrich-Engels-Ring 3
17033 Neubrandenburg;

ROSTOW Society for Financial Planning and Pension Provision mbH
Friedrich-Engels-Ring 3
17033 Neubrandenburg

and

ROSTOW Projektentwicklungsgesellschaft mbH
August-Bebel-Straße 1a
18055 Rostock

The company data protection officer of all four aforementioned companies can be reached at the above addresses, addressed to Mr. Benschneider, or at olaf.benschneider(a)rostow.de.

2. Collection and storage of personal data as well as the type and purpose of their use

a)

When you visit the website

When you visit our website www.rostow.de or www.rostow-massivhaus.de, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically but manually deleted:

IP address of the requesting computer,
date and time of access,
Name and URL of the retrieved file,
Website from which access is made (referrer URL),
browser used and, if applicable, the operating system of your computer and the name of your access provider.

We process the above data for the following purposes:

Ensuring a smooth connection to the website,
Ensuring comfortable use of our website,
Evaluation of system security and stability as well as
for further administrative purposes.

The legal basis for data processing is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. Our legitimate interest arises from the purposes for data collection listed above. Under no circumstances will we use the data collected for the purpose of drawing conclusions about you personally.
In addition, we use cookies and analysis services when you visit our website. You can find more detailed information about this in sections 4 and 5 of this data protection declaration.

b)

When you sign up for our newsletter

If you have expressly consented in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR, we will use your email address to regularly send you our newsletter. Providing an email address is sufficient to receive the newsletter.
You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can send your unsubscribe request to info(a)rostow.de by email at any time.

c)

When using our contact form

If you have any questions, we offer you the opportunity to contact us using a form provided on the website. You must provide a valid email address so that we know who the request came from and can answer it. Other information can be provided voluntarily.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6 Paragraph 1 Clause 1 Letter a of GDPR on the basis of your voluntarily given consent.
The personal data we collect when you use the contact form will be deleted either automatically or manually after your enquiries have been processed.

d)

When using offers via Immobilienscout24

Information on how Immobilien Scout GmbH handles your data can be found in their privacy policy at: https://www.immobilienscout24.de/agb/datenschutz.html When you use the contact form within the offers, the data is stored by ImmobilienScout24 and sent to us. You will also receive an email from ImmobilienScout24 to confirm your request to us.

3. sharing of data

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal information with third parties if:

You have given your express consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR,
the disclosure is necessary in accordance with Art. 6 (1) sentence 1 lit. f GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
in the event that there is a legal obligation to disclose data pursuant to Art. 6 (1) sentence 1 lit. c GDPR, and
this is legally permissible and is necessary according to Art. 6 Paragraph 1 Clause 1 Letter b of GDPR for the preparation of analyses and offers, the conclusion of contracts and the implementation of contractual relationships with you.

We refer in particular to the “Information on data processing and information obligations when preparing analyses, preparing offers, planning, concluding contracts, brokering contracts and executing contracts” which are also available on this website.

4. International data transfers

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal information with third parties if:

Further information on processing procedures, methods and services:

Storage and deletion of data:

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal information with third parties if:

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal information with third parties if:

5. General information on data storage and deletion

We delete personal data that we process in accordance with legal provisions as soon as the underlying consent is revoked or no further legal basis for processing exists. This applies to cases where the original processing purpose no longer applies or the data is no longer needed. Exceptions to this rule exist if legal obligations or special interests require longer retention or archiving of the data.
In particular, data that must be retained for commercial or tax law reasons, or whose retention is necessary for legal proceedings or to protect the rights of other natural or legal persons, must be archived accordingly.
Our privacy policy contains additional information on the retention and deletion of data that applies specifically to certain processing operations.
If multiple retention periods or deletion periods are specified for a given date, the longest period always applies.
If a period does not explicitly begin on a specific date and is at least one year, it automatically begins at the end of the calendar year in which the event triggering the period occurred. In the case of ongoing contractual relationships within which data is stored, the event triggering the deadline is the date on which the termination or other termination of the legal relationship takes effect.
Data that is no longer stored for the originally intended purpose but is retained due to legal requirements or other reasons will only be processed for the reasons that justify its retention.

6. analysis tools

Relevant legal bases under the GDPR:

The tracking measures listed below and used by us are carried out on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. With the tracking measures used, we want to ensure that our website is designed to meet your needs and is continuously optimized. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provisions.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.

You have given your express consent in accordance with Art. 6 (1) sentence 1 lit. a GDPR,
the disclosure is necessary in accordance with Art. 6 (1) sentence 1 lit. f GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
in the event that there is a legal obligation to disclose data pursuant to Art. 6 (1) sentence 1 lit. c GDPR, and
this is legally permissible and is necessary according to Art. 6 Paragraph 1 Clause 1 Letter b of GDPR for the preparation of analyses and offers, the conclusion of contracts and the implementation of contractual relationships with you.

National data protection regulations in Germany:

In addition to the data protection provisions of the GDPR, national data protection regulations apply in Germany. These include, in particular, the Federal Data Protection Act (BDSG). The BDSG contains, in particular, special provisions on the right to information, the right to erasure, the right of objection, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, state data protection laws of individual federal states may apply.

Reference to the validity of GDPR and Swiss DSG:

This privacy policy serves to provide information in accordance with both the Swiss Data Protection Act (DPA) and the General Data Protection Regulation (GDPR). For this reason, we ask you to note that, due to their broader geographical application and clarity, the terms of the GDPR are used. In particular, instead of the terms "processing" of "personal data," "overriding interest," and "particularly sensitive personal data" used in the Swiss Data Protection Act, the terms "processing" of "personal data," "legitimate interest," and "special categories of data" used in the GDPR are used. However, the legal meaning of the terms will continue to be determined according to the Swiss Data Protection Act within the scope of the Swiss Data Protection Act.

7. Security measures

You have the right:

6. rights of those affected

You have the right:

to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the category of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
to obtain the immediate correction or completion of any inaccurate personal data stored by us in accordance with Art. 16 GDPR;
to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
to request the restriction of the processing of your personal data pursuant to Art. 18 GDPR if you contest the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you require it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 GDPR;
pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller;
to revoke your consent at any time in accordance with Art. 7 Paragraph 3 GDPR. This means that we may no longer continue the data processing based on this consent in the future and
to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or of our company headquarters.

9. right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Paragraph 1 Clause 1 Letter f of GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
If you would like to exercise your right of withdrawal or objection, simply send an email to info(a)rostow.de.

10. Business services

We process data from our contractual and business partners, e.g., customers and interested parties (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships, as well as related measures and with regard to communication with the contractual partners (or pre-contractually), for example, to respond to inquiries.
We use this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and the remedy of warranty and other service disruptions. Furthermore, we use the data to protect our rights and for the purposes of the administrative tasks associated with these obligations, as well as for corporate organization. Furthermore, we process the data based on our legitimate interests in proper and efficient business management and in security measures to protect our contractual partners and our business operations from misuse and endangerment of their data, secrets, information, and rights (e.g., the involvement of telecommunications, transport, and other auxiliary services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the scope of applicable law, we only share contractual partners' data with third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed of other forms of processing, such as for marketing purposes, within the framework of this privacy policy.
We will inform contractual partners which data is required for the aforementioned purposes before or during data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks, etc.), or in person.
We delete the data after statutory warranty and similar obligations have expired, i.e., generally after four years, unless the data is stored in a customer account, e.g., for as long as it must be retained for legal archiving reasons (e.g., for tax purposes, usually ten years). We delete data disclosed to us by the contractual partner as part of an order in accordance with the specifications and generally after the end of the order.

Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); payment data (e.g., bank details, invoices, payment history); contact data (e.g., postal and email addresses or telephone numbers); contract data (e.g., subject matter of the contract, term, customer category).

Data subjects: Service recipients and clients; interested parties; business and contractual partners.

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; communication; office and organizational procedures; organizational and administrative procedures; business processes and operational procedures.

Retention and deletion: Deletion in accordance with the information in the "General information on data storage and deletion" section.

Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR); legal obligation (Art. 6 (1) (c) GDPR). Legitimate interests (Article 6 (1) (f) GDPR).

Further information on processing procedures, methods and services:

Construction: We process the data of our customers and clients to enable them to plan, implement, and complete construction projects and related services. The required information includes the information needed for project implementation and invoicing, as well as contact information for necessary coordination. To the extent we receive access to information from end customers, employees, or other persons, we process it in accordance with legal and contractual requirements. Legal bases: Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legal obligation (Art. 6 (1) (c) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

Brokerage and agency services: We process the data of our customers, clients, and interested parties (collectively referred to as "customers") in accordance with the underlying customer order. We may also process information about the characteristics and circumstances of persons or property belonging to them if this is part of the subject matter of our order. This may, for example, be data relating to the data subject's identity or identity. This may include, for example, information about personal circumstances, movable or immovable property, and financial situation.
If required for contract fulfillment or legally required, or authorized by the customer, or based on our legitimate interests, we will disclose or transmit customer data in the context of coverage inquiries, conclusion and processing of contracts to providers of the brokered services/properties, insurers, reinsurers, broker pools, technical service providers, other service providers such as cooperating associations, as well as financial service providers, credit institutions and investment companies, as well as social insurance providers, tax authorities, tax advisors, legal advisors, auditors, insurance ombudsmen, and the Federal Financial Supervisory Authority (BaFin). Furthermore, subject to other agreements, we may engage subcontractors, such as sub-agents; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Craft services: We process the data of our customers and clients (hereinafter collectively referred to as "customers") to enable them to select, purchase, or commission the selected services or works and related activities, as well as to pay for and deliver, execute, or provide them.

The required information is marked as such within the scope of the order, purchase order, or similar contract conclusion and includes the information required for delivery and invoicing, as well as contact information for any follow-up consultations. Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Technical services: We process the data of our customers and clients (hereinafter collectively referred to as "customers") to enable them to select, purchase, or commission the selected services or works and related activities, as well as to pay for and deliver, execute, or provide them.

The required information is marked as such within the scope of the order, purchase order, or similar contract conclusion and includes the information required for service provision and billing, as well as contact information for any follow-up consultations. To the extent that we receive access to information from end customers, employees, or other persons, we process it in accordance with legal and contractual requirements; legal basis: contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Financial services: We process our customers' data to enable them to advise, broker, and conclude financial transactions and related services. The required information is marked as such within the scope of the advice, brokerage, or similar contract conclusion and includes the information required for service provision and billing, as well as contact information for any follow-up consultations. To the extent that we receive access to information from customers or other persons, we process it in accordance with legal and contractual requirements; Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legal obligation (Art. 6 (1) (c) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

11. Business processes and procedures

Personal data of service recipients and clients – including customers, clients, or in special cases, clients, patients, business partners, and other third parties – is processed within the framework of contractual and comparable legal relationships and pre-contractual measures such as the initiation of business relationships. This data processing supports and facilitates business processes in areas such as customer management, sales, payment transactions, accounting, and project management.
The collected data is used to fulfill contractual obligations and organize operational processes efficiently. This includes the processing of business transactions, the management of customer relationships, the optimization of sales strategies, and the safeguarding of internal accounting and financial processes. In addition, the data supports the protection of the controller's rights and promotes administrative tasks and the organization of the company.
Personal data may be transferred to third parties if this is necessary to fulfill the stated purposes or legal obligations. After the expiration of statutory retention periods or when the purpose of processing no longer applies, the data will be deleted. This also includes data that must be stored for a longer period due to tax and legal documentation requirements.

Further information on processing procedures, methods and services:

Customer management and customer relationship management (CRM): Procedures required within the scope of customer management and customer relationship management (CRM) (e.g., customer acquisition in compliance with data protection regulations, measures to promote customer retention and loyalty, effective customer communication, complaint management and customer service with due consideration of data protection, data management and analysis to support customer relationships, CRM system management, secure account management, customer segmentation, and target group formation); Legal bases: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

Contact management and contact maintenance: Procedures required for organizing, maintaining, and securing contact information (e.g., setting up and maintaining a central contact database, regularly updating contact information, monitoring data integrity, implementing data protection measures, ensuring access controls, performing backups and restores of contact data, training employees in the effective use of contact management software, regularly reviewing communication history, and adapting contact strategies). Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

Customer account: Customers can create an account within our online offering (e.g., a customer or user account, "customer account" for short). If registration of a customer account is required, customers will be informed of this, as well as the information required for registration. Customer accounts are not public and cannot be indexed by search engines. During registration, as well as subsequent logins and use of the customer account, we store the customer's IP addresses along with the access times in order to verify registration and prevent any misuse of the customer account. If the customer account is terminated, the customer account data will be deleted after the termination date, unless it is retained for purposes other than providing the customer account or must be retained for legal reasons (e.g., internal storage of customer data, order processes, or invoices). It is the customer's responsibility to back up their data upon termination of the customer account; legal bases: contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

General payment transactions: Procedures required for the execution of payment transactions, the monitoring of bank accounts, and the control of payment flows (e.g., preparation and verification of transfers, processing of direct debit transactions, checking account statements, monitoring incoming and outgoing payments, direct debit management, account reconciliation, cash management). Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

Accounting, accounts payable, accounts receivable: Procedures required for the recording, processing, and control of business transactions in the area of accounts payable and accounts receivable accounting (e.g., preparation and verification of incoming and outgoing invoices, monitoring and management of open items, execution of payment transactions, processing dunning, account reconciliation within the scope of receivables and payables, accounts payable and accounts receivable accounting). Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legal obligation (Art. 6 (1) (c) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

Financial accounting and taxes: Procedures required for the recording, administration, and control of financially relevant business transactions as well as for the calculation, reporting, and payment of taxes (e.g., account assignment and posting of business transactions, preparation of quarterly and annual financial statements, execution of payment transactions, processing of dunning procedures, account reconciliation, tax advice, preparation and filing of tax returns, tax administration); Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legal obligation (Art. 6 (1) (c) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

Marketing, advertising and sales promotion: Procedures required within the framework of marketing, advertising and sales promotion (e.g., market analysis and target group determination, development of marketing strategies, planning and implementation of

12. Provision of the online service and web hosting

We process user data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and functions of our online services to the user's browser or device.

Types of data processed: Usage data (e.g., page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication, and process data (e.g., IP addresses, time information, identification numbers, persons involved); protocol data (e.g., log files relating to logins or data retrieval or access times); content data (e.g., textual or visual messages and posts, as well as related information, such as authorship or time of creation); contact data (e.g., postal and email addresses or telephone numbers); inventory data (e.g., full name, home address, contact information, customer number, etc.); location data (information on the geographical location of a device or person).

Data subjects: Users (e.g., website visitors, users of online services); service recipients and clients; Employees (e.g., salaried employees, applicants, temporary workers, and other staff); communication partners; interested parties.

Purposes of processing: Provision of our online offering and user-friendliness; information technology infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); security measures; provision of contractual services and fulfillment of contractual obligations; office and organizational procedures; direct marketing (e.g., by email or post); marketing; reach measurement (e.g., access statistics, recognition of recurring visitors); tracking (e.g., interest-/behavior-based profiling, use of cookies); remarketing; profiles with user-related information (creation of user profiles); conversion measurement (measurement of the effectiveness of marketing measures). Establishment and implementation of employment relationships (processing of employee data in the context of establishing and implementing employment relationships).

Retention and deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.

Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR). Consent (Art. 6 (1) (a) GDPR).

Further information on processing procedures, methods and services:

Provision of online services on rented storage space: To provide our online services, we use storage space, computing capacity, and software that we rent from a corresponding server provider (also called a "web host") or obtain from other sources. Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Collection of access data and log files: Access to our online services is logged in the form of so-called "server log files." Server log files may include the address and name of the accessed web pages and files, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, the referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g. B. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks), and secondly to ensure server utilization and stability; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data whose further retention is necessary for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved.

Email sending and hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, the addresses of the recipients and senders, as well as other information regarding the email sending (e.g., the providers involved), and the content of the respective emails are processed. The aforementioned data may also be processed for the purpose of detecting SPAM. Please note that emails are generally not sent encrypted over the internet. While emails are generally encrypted during transport (unless a so-called end-to-end encryption method is used), they are not encrypted on the servers from which they are sent and received. We therefore cannot assume any responsibility for the transmission path of emails between the sender and the recipient on our server. Legal basis: legitimate interests (Art. 6 (1) (f) GDPR).

Content Delivery Network: We use a "Content Delivery Network" (CDN). A CDN is a service that enables the faster and more secure delivery of online content, especially large media files such as graphics or program scripts, using regionally distributed servers connected via the internet. Legal basis: legitimate interests (Art. 6 (1) (f) GDPR).

STRATO: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: STRATO AG, Pascalstraße 10, 10587 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.strato.de; Privacy Policy: https://www.strato.de/datenschutz/. Data processing agreement: Provided by the service provider.

1&1 IONOS: Services in the field of providing information technology infrastructure and related services (e.g., storage space and/or computing capacity); Service provider: 1&1 IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.ionos.de; Privacy Policy: https://www.ionos.de/terms-gtc/terms-privacy. Data processing agreement: https://www.ionos.de/hilfe/datenschutz/allgemeine-informationen-zur-datenschutz-grundverordnung-dsgvo/auftragsverarbeitung/.

Wix: Hosting and software for the creation, provision, and operation of websites, blogs, and other online offerings; Service provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://de.wix.com/; Privacy Policy: https://de.wix.com/about/privacy; Data processing agreement: https://www.wix.com/about/privacy-dpa-users. Basis for third-country transfers: Data Privacy Framework (DPF).

calendly: Online appointment scheduling and appointment management; Service provider: Calendly LLC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://calendly.com/de; Privacy policy: https://calendly.com/privacy; Data processing agreement: https://calendly.com/dpa. Basis for third-country transfers: Standard contractual clauses (https://calendly.com/dpa).

13. cookies

The term "cookies" refers to functions that store and retrieve information from users' end devices. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as creating analyses of visitor flows. We use cookies in accordance with legal regulations. Where necessary, we obtain user consent in advance. If consent is not required, we rely on our legitimate interests. This applies when storing and retrieving information is essential to provide expressly requested content and functions. This includes, for example, saving settings and ensuring the functionality and security of our online offering. Consent can be revoked at any time. We provide clear information about the scope of cookies and which cookies are used.

Information on data protection legal bases:

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain any viruses, Trojans or other malware.
Information relating to the specific device used is stored in the cookie. However, this does not mean that we immediately know your identity.
The use of cookies serves, on the one hand, to make the use of our services more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness. These cookies are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognize that you have already visited us and which entries and settings you have made so that you do not have to enter them again.
We also use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 5). These cookies enable us to automatically recognize that you have already visited our site when you visit it again. These cookies are automatically deleted after a defined period of time.
The data processed by cookies are necessary for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) sentence 1 lit. f GDPR.
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a warning always appears before a new cookie is created. However, completely disabling cookies may mean that you cannot use all the functions of our website.

Storage period:

Whether we process personal data using cookies depends on consent. If consent is given, it serves as the legal basis. Without consent, we rely on our legitimate interests, which are explained above in this section and in the context of the relevant services and processes.

General information on revocation and objection (opt-out):

Users can revoke the consent they have given at any time and also object to processing in accordance with legal requirements, including through the privacy settings of their browser.

Types of data processed: Metadata, communication data, and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).

Data subjects: Users (e.g., website visitors, users of online services).

Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR). Consent (Art. 6 (1) (a) GDPR).

Further information on processing procedures, methods and services:

Processing of cookie data based on consent: We use a consent management solution that obtains users' consent to the use of cookies or to the procedures and providers named within the consent management solution. This procedure is used to obtain, log, manage, and revoke consent, in particular with regard to the use of cookies and similar technologies used to store, read, and process information on users' end devices. As part of this procedure, users' consent is obtained for the use of cookies and the associated processing of information, including the specific processing operations and providers named in the consent management procedure. Users also have the option of managing and revoking their consent. Consent declarations are saved to avoid repeated queries and to be able to provide evidence of consent in accordance with legal requirements. The data is stored on the server and/or in a cookie (so-called opt-in cookie) or using similar technologies in order to be able to assign consent to a specific user or their device. Unless specific information is available about the providers of consent management services, the following general information applies: Consent is stored for up to two years. A pseudonymous user identifier is created, which is stored together with the time of consent, information about the scope of consent (e.g., relevant categories of cookies and/or service providers), and information about the browser, system, and device used. Legal basis: Consent (Art. 6 (1) (a) GDPR).

Cookiebot: Consent management: Procedures for obtaining, logging, managing, and revoking consent, in particular for the use of cookies and similar technologies for storing, reading, and processing information on users' devices, as well as for processing this information. Service provider: Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark; Website: https://www.cookiebot.com/de; Privacy policy: https://www.cookiebot.com/de/privacy-policy/; Data processing agreement: Provided by the service provider; Further information: Stored data (on the service provider's server): The user's IP number in anonymized form (the last three digits are set to 0), the date and time of consent, the browser information, the URL from which the consent was sent, an anonymous, random, and encrypted key value, and the user's consent status.

14. Special notes on applications (apps)

We process the data of our application users to the extent necessary to provide the application and its functionalities to users, to monitor its security, and to further develop it. We may also contact users in compliance with legal requirements if communication is necessary for the purposes of administering or using the application. Furthermore, with regard to the processing of user data, we refer to the data protection information in this privacy policy.

Legal basis

The processing of data required to provide the application's functionalities serves to fulfill contractual obligations. This also applies if the provision of the functions requires user authorization (e.g., enabling device functions). If the processing of data is not necessary to provide the application's functionalities, but serves the security of the application or our business interests (e.g., collecting data for the purpose of optimizing the application or for security purposes), it is based on our legitimate interests. If users are expressly asked for their consent to the processing of their data, the processing of the data covered by the consent is based on their consent.

Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); Usage data (e.g., page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, persons involved); Payment data (e.g., bank details, invoices, payment history). Contract data (e.g., subject matter of the contract, term, customer category).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Security measures; Provision of our online offering and user-friendliness.

Retention and deletion: Deletion in accordance with the information in the "General information on data storage and deletion" section.

Legal basis: Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing procedures, methods and services:

Commercial use: We process the data of our application users, registered users, and any test users (hereinafter collectively referred to as "users") in order to provide them with our contractual services, as well as on the basis of legitimate interests, to ensure the security of our application and to further develop it. The required information is marked as such within the scope of the user agreement, contract, order, or similar contract conclusion and may include the information required for service provision and any billing, as well as contact information for any follow-up consultations. Legal basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Device permissions for access to functions and data: The use of our application or its functionalities may require user permissions to access certain functions of the devices used or to access the data stored on the devices or accessible via the devices. By default, these permissions must be granted by the users and can be revoked at any time in the settings of the respective devices. The exact procedure for controlling app permissions may depend on the user's device and software. Users can contact us if they require clarification. We would like to point out that denying or revoking the respective permissions may affect the functionality of our application.

Processing of stored contacts: When using our application, the contact information of individuals (name, email address, telephone number) stored in the device's contact directory is processed. The use of contact information requires user authorization, which can be revoked at any time. The use of contact information is only intended to provide the respective functionality of our application, in accordance with its description to users, or its typical and expected functionality. Users are advised that permission to process contact information must be permitted and, in particular, in the case of natural persons, requires their consent or legal permission.

Use of contact data for contact matching purposes: The contact data stored in the device's contact directory can be used to check whether these contacts also use our application. For this purpose, the contact details of the respective contacts (including the telephone number, email address and names) are uploaded to our server and used only for the purpose of comparison.

9. Contact and inquiry management

This privacy policy is currently valid and is dated October 2024.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration.

Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and posts, as well as related information, such as authorship or time of creation); usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions). Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved).

Data subjects: Communication partners.

Purposes of processing: Communication; organizational and administrative procedures; feedback (e.g., collecting feedback via online form). Provision of our online offering and user-friendliness.

Retention and deletion: Deletion in accordance with the information in the "General Information on Data Storage and Deletion" section.

Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR). Contractual performance and pre-contractual inquiries (Art. 6 (1) (b) GDPR).

Further information on processing procedures, methods and services:

Contact form: When you contact us via our contact form, by email, or other communication channels, we process the personal data you provide to answer and process your request. This generally includes information such as your name, contact information, and, if applicable, other information that is provided to us and is necessary for appropriate processing. We use this data exclusively for the stated purpose of contact and communication; legal bases: contract fulfillment and pre-contractual inquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

16. Video conferencing, online meetings, webinars and screen sharing

We use platforms and applications from third-party providers (hereinafter referred to as "conference platforms") for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter collectively referred to as "conferences"). When selecting conference platforms and their services, we comply with legal requirements.

Data processed by conference platforms:

As part of participation in a conference, the conference platforms process the personal data of the participants listed below. The extent of processing depends on which data is required within the framework of a specific conference (e.g., provision of access data or real names) and which optional information is provided by the participants. In addition to processing for the purpose of conducting the conference, participants' data may also be processed by the conference platforms for security purposes or to optimize the service. The data processed includes personal data (first name, last name), contact information (email address, telephone number), access data (access codes or passwords), profile pictures, information on professional position/function, the IP address of the internet access, information on the participants' end devices, their operating system, the browser and its technical and language settings, information on the content of the communication processes, i.e., entries in chats as well as audio and video data, as well as the use of other available functions (e.g., surveys). The content of the communications is encrypted to the extent technically provided by the conference providers. If participants are registered as users on the conference platforms, further data may be processed in accordance with the agreement with the respective conference provider.

If text entries, participation results (e.g. from surveys) as well as video or audio recordings are logged, participants will be informed transparently in advance and, where necessary, asked for their consent.

Participants’ data protection measures:

Please refer to the conference platforms' privacy policies for details on how your data is processed and select the optimal security and data protection settings for you within the conference platform's settings. Please also ensure data and privacy protection in the background of your recording for the duration of a video conference (e.g., by informing roommates, locking doors, and using the background blur function, where technically possible). Links to the conference rooms and access data must not be shared with unauthorized third parties.

Notes on legal basis:

If, in addition to the conference platforms, we also process user data and ask users for their consent to use the conference platforms or certain functions (e.g., consent to recording conferences), the legal basis for processing is this consent. Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g., in participant lists, in the case of processing discussion results, etc.). Furthermore, user data is processed based on our legitimate interest in efficient and secure communication with our communication partners.

Further information on processing procedures, methods and services:

Types of data processed: Inventory data (e.g., full name, home address, contact information, customer number, etc.); contact data (e.g., postal and email addresses or telephone numbers); content data (e.g., textual or visual messages and posts, as well as related information, such as authorship or time of creation); usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); image and/or video recordings (e.g., photographs or video recordings of a person); sound recordings. Log data (e.g., log files regarding logins or data retrieval or access times).

Data subjects: Communication partners; users (e.g., website visitors, users of online services). Depicted persons.

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; communication. Office and organizational procedures.

Storage and deletion: Deletion in accordance with the information in the "General information on data storage and deletion" section.

Legal basis: Legitimate interests (Article 6 (1) (f) GDPR).

Microsoft Teams: Audio and video conferencing, chat, file sharing, integration with Office 365 applications, real-time collaboration on documents, calendar functions, task management, screen sharing, optional recording; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.microsoft.com/de-de/microsoft-teams/; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement, Security information: https://www.microsoft.com/de-de/trustcenter. Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA), Data Privacy Framework (DPF) Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).

Zoom: Video conferences, online meetings, webinars, screen sharing, optional session recording, chat function, integration with calendars and other apps; Service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://zoom.us; Privacy Policy: https://explore.zoom.us/de/privacy/; Data Processing Agreement: https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf. Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf), Data Privacy Framework (DPF) Standard Contractual Clauses (https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf).

17. Cloud services

We use software services accessible via the Internet and running on the servers of their providers (so-called "cloud services," also referred to as "software as a service") for the storage and management of content (e.g., document storage and management, exchange of documents, content, and information with specific recipients, or publication of content and information).
In this context, personal data may be processed and stored on the providers' servers if this data is part of communication with us or is otherwise processed by us as set out in this privacy policy. This data may include, in particular, user master data and contact details, data on transactions, contracts, other processes, and their contents. The providers of the cloud services also process usage data and metadata, which they use for security purposes and to optimize the service.
If we use cloud services to provide forms, documents, and content to other users or publicly accessible websites, the providers may store cookies on users' devices for web analysis purposes or to remember users' settings (e.g., in the case of media control).

Data subjects: Interested parties; communication partners; business and contractual partners.

Purposes of processing: Office and organizational procedures; IT infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)).

Retention and deletion: Deletion in accordance with the information in the section "General information on data storage and deletion."

Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing procedures, methods and services:

Dropbox: Cloud storage service; Service provider: Dropbox, Inc., 333 Brannan Street, San Francisco, California 94107, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.dropbox.com/de; Privacy Policy: https://www.dropbox.com/privacy; Data processing agreement: https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreement.pdf. Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreement.pdf), Data Privacy Framework (DPF) Standard Contractual Clauses (https://assets.dropbox.com/documents/en/legal/dfb-data-processing-agreement.pdf).

Microsoft Cloud Services: Cloud storage, cloud infrastructure services, and cloud-based application software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://microsoft.com/de-de; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security Notice: https://www.microsoft.com/de-de/trustcenter; Data processing agreement: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA. Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA), Data Privacy Framework (DPF)Standard Contractual Clauses (https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA).

18. Newsletters and electronic notifications

We send newsletters, emails, and other electronic notifications (hereinafter "newsletters") exclusively with the consent of the recipients or based on a legal basis. If the newsletter content is mentioned when registering for the newsletter, this content is decisive for the user's consent. Providing your email address is normally sufficient to register for our newsletter. However, in order to offer you a personalized service, we may ask you to provide your name so that we can address you personally in the newsletter or for further information if this is necessary for the purpose of the newsletter.

Further information on processing procedures, methods and services:

Brevo: Email sending and automation services; Service provider: Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.brevo.com/; Privacy policy: https://www.brevo.com/legal/privacypolicy/. Data processing agreement: Provided by the service provider.

Zapier: Automation of processes, merging of various services, import and export of personal and contact data, and analysis of these processes; Service provider: Zapier, Inc., 548 Market St #62411, San Francisco, California 94104, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://zapier.com; Privacy policy: https://zapier.com/privacy Data processing agreement: https://zapier.com/legal/data-processing-addendum. Basis for third-country transfers: Standard Contractual Clauses (https://zapier.com/legal/standard-contractual-clauses).

9. Advertising communication via email, post, fax or telephone

Wir versenden Newsletter, E-Mails und weitere elektronische Benachrichtigungen (nachfolgend „Newsletter") ausschließlich mit der Einwilligung der Empfänger oder aufgrund einer gesetzlichen Grundlage. Sofern im Rahmen einer Anmeldung zum Newsletter dessen Inhalte genannt werden, sind diese Inhalte für die Einwilligung der Nutzer maßgeblich. Für die Anmeldung zu unserem Newsletter ist normalerweise die Angabe Ihrer E-Mail-Adresse ausreichend. Um Ihnen jedoch einen personalisierten Service bieten zu können, bitten wir gegebenenfalls um die Angabe Ihres Namens für eine persönliche Ansprache im Newsletter oder um weitere Informationen, falls diese für den Zweck des Newsletters notwendig sind.

Löschung und Einschränkung der Verarbeitung: Wir können die ausgetragenen E-Mail-Adressen bis zu drei Jahren auf Grundlage unserer berechtigten Interessen speichern, bevor wir sie löschen, um eine ehemals gegebene Einwilligung nachweisen zu können. Die Verarbeitung dieser Daten wird auf den Zweck einer potenziellen Abwehr von Ansprüchen beschränkt. Ein individueller Löschungsantrag ist jederzeit möglich, sofern zugleich das ehemalige Bestehen einer Einwilligung bestätigt wird. Im Fall von Pflichten zur dauerhaften Beachtung von Widersprüchen behalten wir uns die Speicherung der E-Mail-Adresse alleine zu diesem Zweck in einer Sperrliste (sogenannte „Blocklist") vor.

Die Protokollierung des Anmeldeverfahrens erfolgt auf Grundlage unserer berechtigten Interessen zum Zweck des Nachweises seines ordnungsgemäßen Ablaufs. Soweit wir einen Dienstleister mit dem Versand von E-Mails beauftragen, erfolgt dies auf Grundlage unserer berechtigten Interessen an einem effizienten und sicheren Versandsystem.

Verarbeitete Datenarten: Bestandsdaten (z. B. der vollständige Name, Wohnadresse, Kontaktinformationen, Kundennummer, etc.); Kontaktdaten (z. B. Post- und E-Mail-Adressen oder Telefonnummern). Inhaltsdaten (z. B. textliche oder bildliche Nachrichten und Beiträge sowie die sie betreffenden Informationen, wie z. B. Angaben zur Autorenschaft oder Zeitpunkt der Erstellung).
Betroffene Personen: Kommunikationspartner.
Zwecke der Verarbeitung: Direktmarketing (z. B. per E-Mail oder postalisch); Marketing. Absatzförderung.
Aufbewahrung und Löschung: Löschung entsprechend Angaben im Abschnitt "Allgemeine Informationen zur Datenspeicherung und Löschung".
Rechtsgrundlagen: Einwilligung (Art. 6 Abs. 1 S. 1 lit. a) DSGVO). Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).

20. Web analysis, monitoring and optimization

Die Webanalyse (auch als „Reichweitenmessung" bezeichnet) dient der Auswertung der Besucherströme unseres Onlineangebots und kann Verhalten, Interessen oder demografische Informationen zu den Besuchern, wie beispielsweise Alter oder Geschlecht, als pseudonyme Werte umfassen. Mithilfe der Reichweitenanalyse können wir zum Beispiel erkennen, zu welcher Zeit unser Onlineangebot oder dessen Funktionen beziehungsweise Inhalte am häufigsten genutzt werden, oder zur Wiederverwendung einladen. Ebenso ist es uns möglich, nachzuvollziehen, welche Bereiche der Optimierung bedürfen.

Neben der Webanalyse können wir auch Testverfahren einsetzen, um etwa unterschiedliche Versionen unseres Onlineangebots oder seiner Bestandteile zu testen und zu optimieren.

Sofern nachfolgend nicht anders angegeben, können zu diesen Zwecken Profile, also zu einem Nutzungsvorgang zusammengefasste Daten, angelegt und Informationen in einem Browser bzw. in einem Endgerät gespeichert und dann ausgelesen werden. Zu den erhobenen Angaben gehören insbesondere besuchte Websites und dort genutzte Elemente sowie technische Auskünfte, wie etwa der verwendete Browser, das benutzte Computersystem sowie Angaben zu Nutzungszeiten. Sofern sich Nutzer in die Erhebung ihrer Standortdaten uns gegenüber oder gegenüber den Anbietern der von uns eingesetzten Dienste einverstanden erklärt haben, ist auch die Verarbeitung von Standortdaten möglich.

Darüber hinaus werden die IP-Adressen der Nutzer gespeichert. Jedoch nutzen wir ein IP-Masking-Verfahren (d. h. Pseudonymisierung durch Kürzung der IP-Adresse) zum Schutz der Nutzer. Generell werden die im Rahmen von Webanalyse, A/B-Testings und Optimierung keine Klardaten der Nutzer (wie z. B. E-Mail-Adressen oder Namen) gespeichert, sondern Pseudonyme. Das heißt, wir als auch die Anbieter der eingesetzten Software kennen nicht die tatsächliche Identität der Nutzer, sondern nur die zum Zweck der jeweiligen Verfahren in deren Profilen gespeicherten Angaben.

Hinweise zu Rechtsgrundlagen: Sofern wir die Nutzer um deren Einwilligung in den Einsatz der Drittanbieter bitten, stellt die Rechtsgrundlage der Datenverarbeitung die Einwilligung dar. Ansonsten werden die Nutzerdaten auf Grundlage unserer berechtigten Interessen (d. h. Interesse an effizienten, wirtschaftlichen und empfängerfreundlichen Leistungen) verarbeitet. In diesem Zusammenhang möchten wir Sie auch auf die Informationen zur Verwendung von Cookies in dieser Datenschutzerklärung hinweisen.

Web analytics (also known as "reach measurement") is used to evaluate visitor traffic to our online offering and may include behavior, interests, or demographic information about visitors, such as age or gender, as pseudonymous values. Using reach analysis, we can, for example, identify when our online offering or its functions or content are most frequently used, or encourage reuse. It also enables us to understand which areas require optimization.
In addition to web analytics, we may also use testing procedures to test and optimize different versions of our online offering or its components.
Unless otherwise stated below, profiles—data summarized for a usage process—may be created for these purposes, and information may be stored in a browser or device and then read out. The information collected includes, in particular, websites visited and elements used there, as well as technical information, such as the browser used, the computer system used, and information on usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, the processing of location data is also possible.
In addition, users' IP addresses are stored. However, we use an IP masking process (i.e., pseudonymization by shortening the IP address) to protect users. Generally, no user data (such as email addresses or names) is stored for web analysis, A/B testing, and optimization; instead, pseudonyms are used. This means that neither we nor the providers of the software we use know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective processes.
Notes on legal bases: If we ask users for their consent to the use of third-party providers, the legal basis for data processing is consent. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and recipient-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Further information on processing procedures, methods and services:

Google Analytics: We use Google Analytics to measure and analyze the use of our online offering based on a pseudonymous user identification number. This identification number does not contain any unique data, such as names or email addresses. It is used to assign analysis information to a device in order to recognize which content users have accessed within one or more usage processes, which search terms they used, accessed these again, or interacted with our online offering. The time and duration of use are also stored, as are the sources of users who refer to our online offering and technical aspects of their devices and browsers. Pseudonymous profiles of users are created with information from the use of various devices, and cookies may be used for this purpose. Google Analytics does not log or store individual IP addresses for EU users. However, Analytics does provide rough geographic location data by deriving the following metadata from IP addresses: city (and the derived latitude and longitude of the city), continent, country, region, subcontinent (and ID-based counterparts). For EU traffic, the IP address data is used exclusively for this derivation of geolocation data before being immediately deleted. It is not logged, is not accessible, and is not used for any other purposes. When Google Analytics collects measurement data, all IP queries are performed on EU-based servers before the traffic is forwarded to Analytics servers for processing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Security measures: IP masking (pseudonymization of the IP address); Privacy policy: https://policies.google.com/privacy; Data processing agreement: https://business.safety.google/adsprocessorterms/; Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://business.safety.google/adsprocessorterms), Data Privacy Framework (DPF) Standard Contractual Clauses (https://business.safety.google/adsprocessorterms); Opt-out option: Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisements: https://myadcenter.google.com/personalizationoff. Further information: https://business.safety.google/adsservices/ (types of processing and data processed).

21. Online marketing

We process personal data for the purpose of online marketing, which may include, in particular, the marketing of advertising space or the presentation of advertising and other content (collectively referred to as "content") based on users' potential interests, as well as the measurement of its effectiveness.
For these purposes, so-called user profiles are created and stored in a file (the so-called "cookie"), or similar processes are used to store the user information relevant to the presentation of the aforementioned content. This may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information, such as the browser used, the computer system used, as well as information on usage times and functions used. If users have consented to the collection of their location data, this may also be processed.
In addition, users' IP addresses are stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) for user protection. In general, no clear user data (such as email addresses or names) is stored within the online marketing process, but rather pseudonyms. This means that neither we nor the providers of the online marketing processes know the actual user identity, but only the information stored in their profiles.
The statements in the profiles are generally stored in cookies or similar processes. These cookies can generally be read later on other websites that use the same online marketing process and analyzed for the purpose of displaying content, supplemented with additional data, and stored on the server of the online marketing process provider.
Exceptionally, it is possible to assign clear data to the profiles, primarily if the users are, for example, members of a social network whose online marketing process we use and the network links the user profiles with the aforementioned information. Please note that users can enter into additional agreements with the providers, for example, by consenting during registration.
We generally only receive access to summarized information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing processes have led to a so-called conversion, i.e., for example, to the conclusion of a contract with us. Conversion measurements are used solely to analyze the success of our marketing measures.
Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.

Notes on legal bases:
If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Notes on revocation and objection:
We refer to the privacy policies of the respective providers and the objection options (so-called "opt-out") specified for the providers. If no explicit opt-out option has been provided, you can deactivate cookies in your browser settings. However, this may limit the functionality of our online offering. We therefore recommend the following additional opt-out options, which are summarized for each region:
a) Europe: https://www.youronlinechoices.eu.
b) Canada: https://www.youradchoices.ca/choices.
c) USA: https://www.aboutads.info/choices.
d) Cross-regional: https://optout.aboutads.info.

Types of data processed: Content data (e.g., textual or visual messages and contributions, as well as related information, such as authorship or time of creation); Usage data (e.g., page views and length of stay, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, persons involved); Event Data (Facebook) ("Event Data" is information that is sent, for example, via meta pixels (whether via apps or other channels) to the provider Meta and relates to individuals or their actions. This data includes details about website visits, interactions with content and features, app installations, and product purchases. Event Data is processed with the aim of creating target groups for content and advertising messages (custom audiences). It is important to note that Event Data does not include actual content such as written comments, login information, or contact information such as names, email addresses, or phone numbers. "Event Data" is deleted by Meta after a maximum of two years, and the resulting target groups disappear when our Meta user accounts are deleted.); Contact information (Facebook) ("Contact information" is data that (clearly) identifies data subjects, such as names, email addresses, and telephone numbers, which can be transmitted to Facebook, e.g., via Facebook Pixel or upload, for matching purposes to create custom audiences. After matching to create target groups, the contact information is deleted.)

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing: Reach measurement (e.g., access statistics, recognition of recurring visitors); Tracking (e.g., interest-/behavior-based profiling, use of cookies); Conversion measurement (measurement of the effectiveness of marketing measures); Target group formation; Marketing; Profiles with user-related information (creation of user profiles); Provision of our online offering and user-friendliness; Remarketing; Click tracking; Cross-device tracking (cross-device processing of user data for marketing purposes).

Storage and deletion: Deletion in accordance with the information in the "General information on data storage and deletion" section. Cookies are stored for up to two years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).

Security measures: IP masking (pseudonymization of the IP address).

Legal basis: Consent (Art. 6 (1) (a) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing procedures, methods and services:

Meta pixels and target group creation (custom audiences): With the help of the meta pixel (or comparable functions for transmitting event data or contact information via interfaces in apps), Meta is able to define visitors to our online offering as a target group for displaying advertisements (so-called "meta ads"). Accordingly, we use the meta pixel to display the meta ads we place only to users on Meta platforms and within the services of partners cooperating with Meta (so-called "Audience Network" https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offering or who exhibit certain characteristics (e.g., interest in certain topics or products, which can be seen from the websites visited) that we transmit to Meta (so-called "custom audiences"). With the help of the meta pixel, we also want to ensure that our meta ads correspond to the potential interests of users and are not annoying. With the help of the meta pixel, we can also track the effectiveness of meta ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a meta ad (so-called "conversion measurement"); Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Data processing agreement: https://www.facebook.com/legal/terms/dataprocessing; Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum), Data Privacy Framework (DPF) Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum); Further information: Users' event data, i.e., behavioral and interest information, is processed for the purposes of targeted advertising and target group building on the basis of the joint controller agreement ("Controller Addendum", https://www.facebook.com/legal/controller_addendum). Joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of data to its parent company, Meta Platforms, Inc., in the USA (based on the standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
Extended comparison for the meta pixel: In addition to the processing of event data when using the meta pixel (or comparable functions, e.g., in apps), contact information (data that identifies individuals, such as names, email addresses, and telephone numbers) is also collected by Meta within our online offering or transmitted to Meta. The processing of contact information serves to create target groups (so-called "custom audiences") for the display of content and advertising information based on the presumed interests of users. The collection, transmission, and comparison with data available at Meta does not take place in plain text, but as so-called "hash values," i.e., mathematical representations of the data (this method is used, for example, when storing passwords). After the comparison for the purpose of creating target groups, the contact information is deleted. Legal basis: Consent (Art. 6 (1) (a) GDPR); Privacy Policy: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Data processing agreement: https://www.facebook.com/legal/terms/dataprocessing; Basis for third country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum), Data Privacy Framework (DPF) Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum). Further information: https://www.facebook.com/legal/terms/data_security_terms.
Facebook Ads: Placing ads within the Facebook platform and evaluating ad results; Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/; Basis for third country transfers: Data Privacy Framework (DPF), Data Privacy Framework (DPF); Opt-out option: We refer to the data protection and advertising settings in the user profile on the Facebook platforms as well as to Facebook's consent procedures and contact options.

22. Customer reviews and rating processes

We participate in review and rating processes to evaluate, optimize, and promote our services. When users rate us via the participating rating platforms or processes or otherwise provide feedback, the general terms and conditions or terms of use and the privacy policy of the providers also apply. As a rule, the rating also requires registration with the respective providers.
To ensure that the reviewers have actually used our services, with the customer's consent, we transmit the necessary data regarding the customer and the service used to the respective rating platform (including name, email address, and order number or item number). This data is used solely to verify the user's authenticity.

Verarbeitete Datenarten: Vertragsdaten (z. B. Vertragsgegenstand, Laufzeit, Kundenkategorie); Nutzungsdaten (z. B. Seitenaufrufe und Verweildauer, Klickpfade, Nutzungsintensität und -frequenz, verwendete Gerätetypen und Betriebssysteme, Interaktionen mit Inhalten und Funktionen). Meta-, Kommunikations- und Verfahrensdaten (z. B. IP-Adressen, Zeitangaben, Identifikationsnummern, beteiligte Personen).
Betroffene Personen: Leistungsempfänger und Auftraggeber. Nutzer (z. B. Webseitenbesucher, Nutzer von Onlinediensten).
Zwecke der Verarbeitung: Feedback (z. B. Sammeln von Feedback via Online-Formular). Marketing.
Rechtsgrundlagen: Berechtigte Interessen (Art. 6 Abs. 1 S. 1 lit. f) DSGVO).

Weitere Hinweise zu Verarbeitungsprozessen, Verfahren und Diensten:

Google Customer Reviews: Service for collecting and/or presenting customer satisfaction and customer opinions; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.google.com/; Privacy policy: https://policies.google.com/privacy; Basis for third country transfers: Data Privacy Framework (DPF), Data Privacy Framework (DPF); Further information: When collecting customer reviews, an identification number and the time of the business transaction to be evaluated are processed; for review requests sent directly to customers, the customer's email address and their country of residence, as well as the review details themselves, are processed; Further information on the types of processing and the data processed: https://business.safety.google/adsservices/. Data processing terms for Google advertising products: Information about the services, data processing terms between controllers and standard contractual clauses for third country transfers of data: https://business.safety.google/adscontrollerterms.

23. Presences in social networks (social media)

We maintain online presences within social networks and, in this context, process user data in order to communicate with users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This could result in risks for users, for example, because it could make it more difficult to enforce user rights.
Furthermore, user data is generally processed within social networks for market research and advertising purposes. For example, user profiles can be created based on user behavior and the resulting interests of users. These profiles may in turn be used to place advertisements within and outside the networks that presumably correspond to the interests of the users. Therefore, cookies are generally stored on users' computers in which the user behavior and interests are stored. In addition, user profiles can also store data independent of the devices used by users (especially if they are members of the respective platforms and are logged in there).
For a detailed description of the respective processing methods and the opt-out options, please refer to the privacy policies and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would like to point out that these can be most effectively asserted with the providers. Only the latter have access to user data and can directly take appropriate measures and provide information. If you still need assistance, please contact us.

Types of data processed: Contact data (e.g., postal and email addresses or telephone numbers); Content data (e.g., textual or visual messages and posts, as well as related information, such as authorship or time of creation); Usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing: Communication; Feedback (e.g., collecting feedback via online form); Public relations.

Retention and deletion: Deletion in accordance with the information in the "General information on data storage and deletion" section.

Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing procedures, methods and services:

Instagram: Social network, enables sharing photos and videos, commenting on and favorite posts, sending messages, and subscribing to profiles and pages. Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/. Basis for third-country transfers: Data Privacy Framework (DPF).

Facebook pages: Profiles within the social network Facebook - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/), as well as information about the devices users use (e.g., IP addresses, operating system, browser type, language preferences, cookie data; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/privacy/policy/). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services called "Page Insights" to Page operators to help them understand how people interact with their Pages and the content associated with them. We have concluded a special agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which specifically regulates the security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of those affected (i.e., users can, for example, submit information or deletion requests directly to Facebook). Users' rights (in particular the right to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data). Joint controllership is limited to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, particularly with regard to the transmission of data to the parent company Meta Platforms, Inc. in the USA. Service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/privacy/policy/. Basis for third-country transfers: Data Privacy Framework (DPF), Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum), Data Privacy Framework (DPF) Standard Contractual Clauses (https://www.facebook.com/legal/EU_data_transfer_addendum).

Pinterest: Social network, enables photo sharing, commenting, favorites, and curation of posts, sending messages, and subscribing to profiles; Service provider: Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://www.pinterest.com. Privacy policy: https://policy.pinterest.com/de/privacy-policy.

YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Privacy policy: https://policies.google.com/privacy; Basis for third-country transfers: Data Privacy Framework (DPF). Opt-out option: https://myadcenter.google.com/personalizationoff.

24. Plug-ins and embedded functions and content

We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include, for example, graphics, videos, or city maps (hereinafter collectively referred to as "content").
Integration always requires that the third-party providers of this content process the users' IP address, since without an IP address they would not be able to send the content to their browser. The IP address is therefore required to display this content or functions. We endeavor to only use content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These "pixel tags" enable information, such as visitor traffic on the pages of this website, to be evaluated. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, the time of visit and other information about the use of our online service, but may also be linked to such information from other sources.

Notes on legal basis:

If we ask users for their consent to the use of third-party providers, the legal basis for data processing is permission. Otherwise, user data is processed based on our legitimate interests (i.e., interest in efficient, economical, and user-friendly services). In this context, we would also like to draw your attention to the information on the use of cookies in this privacy policy.

Types of data processed: Usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); meta, communication, and procedural data (e.g., IP addresses, time information, identification numbers, people involved). Location data (information on the geographical location of a device or person).

Data subjects: Users (e.g., website visitors, users of online services).

Purposes of processing: Provision of our online services and user-friendliness.

Retention and deletion: Deletion in accordance with the information in the "General information on data storage and deletion" section. Cookies are stored for up to two years (unless otherwise stated, cookies and similar storage methods may be stored on users' devices for a period of two years).

Legal basis: Consent (Art. 6 (1) (a) GDPR). Legitimate interests (Article 6 (1) (f) GDPR).

Further information on processing procedures, methods and services:

Google Maps: We integrate maps from the "Google Maps" service provided by Google. The data processed may include, in particular, users' IP addresses and location data. Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland. Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://mapsplatform.google.com/; Privacy Policy: https://policies.google.com/privacy. Basis for third-country transfers: Data Privacy Framework (DPF).

25. Management, organization and support tools

We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the organization, administration, planning, and provision of our services. When selecting third-party providers and their services, we comply with legal requirements.
In this context, personal data may be processed and stored on the servers of third-party providers. This may affect various data that we process in accordance with this privacy policy. This data may include, in particular, user master data and contact details, data on transactions, contracts, other processes, and their content.
If users are referred to third-party providers or their software or platforms as part of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore ask you to observe the privacy policies of the respective third-party providers.

Types of data processed: Content data (e.g., textual or visual messages and posts, as well as related information, such as authorship or time of creation); Usage data (e.g., page views and duration of visits, click paths, intensity and frequency of use, device types and operating systems used, interactions with content and functions); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, persons involved). Contact data (e.g., postal and email addresses or telephone numbers).

Data subjects: Communication partners. Users (e.g., website visitors, users of online services).

Purposes of processing: Provision of contractual services and fulfillment of contractual obligations. Office and organizational procedures.

Retention and deletion: Deletion in accordance with the information in the "General information on data storage and deletion" section.

Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).

Further information on processing procedures, methods and services:

Calendly: Online appointment scheduling and appointment management; Service provider: Calendly LLC, 271 17th St NW, Ste 1000, Atlanta, Georgia, 30363, USA; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR); Website: https://calendly.com/de; Privacy policy: https://calendly.com/privacy; Data processing agreement: https://calendly.com/dpa. Basis for third-country transfers: Standard contractual clauses (https://calendly.com/dpa), Standard contractual clauses (https://calendly.com/dpa).

26. Definitions of terms

This section provides an overview of the terms used in this privacy policy. To the extent that the terms are defined by law, the legal definitions apply. The following explanations, however, are intended primarily to facilitate understanding.

Employees: Employees are individuals who are in an employment relationship, whether as employees, staff, or in similar positions. An employment relationship is a legal relationship between an employer and an employee, established by an employment contract or agreement. It entails the employer's obligation to pay the employee remuneration while the employee performs their work. The employment relationship encompasses various phases, including the establishment of the employment contract, the implementation of the contract, during which the employee performs their work, and the termination, when the employment relationship ends, whether through notice, termination agreement, or otherwise. Employee data is all information relating to these individuals and in the context of their employment. This includes aspects such as personal identification data, identification numbers, salary and banking information, working hours, vacation entitlements, health data, and performance evaluations.

Inventory data: Inventory data includes essential information necessary for the identification and management of contractual partners, user accounts, profiles, and similar assignments. This data may include, among other things, personal and demographic information such as names, contact information (addresses, telephone numbers, email addresses), dates of birth, and specific identifiers (user IDs). Inventory data forms the basis for any formal interaction between individuals and services, institutions, or systems by enabling unambiguous identification and communication.

Cross-device tracking: Cross-device tracking is a form of tracking in which user behavior and interest information is collected across devices in so-called profiles by assigning users an online identifier. This allows user information to be analyzed for marketing purposes, regardless of the browser or device used (e.g., mobile phones or desktop computers). For most providers, the online identifier is not linked to clear data such as names, postal addresses, or email addresses.

Content data: Content data includes information generated during the creation, processing, and publication of all types of content. This category of data can include text, images, videos, audio files, and other multimedia content published on various platforms and media. Content data is not limited to the actual content itself, but also includes metadata that provides information about the content itself, such as tags, descriptions, author information, and publication dates.

Click tracking: Click tracking allows us to track users' movements within an entire online offering. Since the results of these tests are more accurate when user interactions can be tracked over a certain period of time (e.g., so we can determine whether a user tends to return), cookies are typically stored on users' computers for these testing purposes.

Contact data: Contact data is essential information that enables communication with individuals or organizations. It includes, among other things, telephone numbers, postal addresses, and email addresses, as well as communication tools such as social media handles and instant messaging identifiers.

Conversion measurement: Conversion measurement (also known as "visit action analysis") is a method used to determine the effectiveness of marketing measures. This typically involves storing a cookie on users' devices within the websites where the marketing measures are carried out and then retrieving it on the target website. For example, this allows us to understand whether the ads we place on other websites were successful.

Meta, communication, and procedural data: Meta, communication, and procedural data are categories that contain information about how data is processed, transmitted, and managed. Metadata, also known as data about data, includes information that describes the context, origin, and structure of other data. It can include information about the file size, creation date, author of a document, and modification histories. Communication data records the exchange of information between users across different channels, such as email traffic, call logs, social media messages, and chat histories, including the people involved, timestamps, and transmission methods. Procedural data describes the processes and procedures within systems or organizations, including workflow documentation, logs of transactions

27. Change and update

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt this privacy policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g., consent) or other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time and ask you to check the information before contacting us.

start

notes

privacy policy

1.

Name and contact details of the person responsible for processing and the company data protection officer

This privacy information applies to data processing by:

Responsible:

2.

Collection and storage of personal data as well as the type and purpose of their use

a)

When you visit the website

b)

When you sign up for our newsletter

c)

When using our contact form

d)

When using offers via Immobilienscout24

3.

sharing of data

4.

International data transfers

Further information on processing procedures, methods and services:

Storage and deletion of data:

5.

General information on data storage and deletion

6.

analysis tools

7.

Security measures

6.

rights of those affected

9.

right of objection

10.

Business services

Further information on processing procedures, methods and services:

11.

Business processes and procedures

Further information on processing procedures, methods and services:

12.

Provision of the online service and web hosting

Further information on processing procedures, methods and services:

13.

cookies

Information on data protection legal bases:

Storage period:

General information on revocation and objection (opt-out):

Further information on processing procedures, methods and services:

14.

Special notes on applications (apps)

Legal basis

Further information on processing procedures, methods and services:

9.

Contact and inquiry management

Further information on processing procedures, methods and services:

16.

Video conferencing, online meetings, webinars and screen sharing

Data processed by conference platforms:

Participants’ data protection measures:

Notes on legal basis:

Further information on processing procedures, methods and services:

17.

Cloud services

Further information on processing procedures, methods and services:

18.

Newsletters and electronic notifications

Contents:

Further information on processing procedures, methods and services:

9.

Advertising communication via email, post, fax or telephone

20.

Web analysis, monitoring and optimization

Further information on processing procedures, methods and services:

21.

Online marketing

Further information on processing procedures, methods and services:

22.

Customer reviews and rating processes

23.

Presences in social networks (social media)

Further information on processing procedures, methods and services:

24.